Classify Sensitive Data the Way Real Organizations Work

In Finance, the domain owner is accountable for the metadata, while data stewards manage the day-to-day work. They understand the business meaning of every column, the right definitions, and the upstream sources. They are not privacy experts, and that should not be their role. Asking them to decide what counts as PII inside their domain is asking the wrong question. The same applies to Marketing, HR, Operations, and every other domain. The expertise that decides "this is PII" lives in a different team altogether. 

That is why Accurity Data Classifications reflect how governance responsibilities are actually divided in real organizations. Privacy and compliance experts maintain the classification taxonomy and decide what gets classified. Domain owners and data stewards continue to manage their domain metadata. Classifications then propagate automatically through the data hierarchy, so coverage stays complete without anyone chasing it.

Two Capabilities, One Launch

Data Classifications brings together two capabilities that belong together: 

• Governed classification. The classification taxonomy (PII, Confidential, GDPR-relevant, and so on) is owned by classification stewards. Only they can define classifications and apply them to assets. Assignment can also go through approval workflows, so every label is intentional and auditable. 

• Inherited classification. When an object is classified, the classification automatically flows down its hierarchy. Classify a schema, and its tables and fields inherit it. Classify a term group, and its terms inherit it. Classify a domain in the business data model, and its entities and attributes inherit it. Coverage is complete from one decision. 

Expertise Where It Belongs

Accurity’s Domain Management already lets organizations delegate metadata stewardship by domain, so Finance owns Finance, HR owns HR, and so on. Data Classifications adds a second, parallel stewardship dimension: classification stewardship. 

Classification stewards are typically your privacy officers, security architects, or compliance leads. They work across domains and apply classifications wherever needed. Domain stewards continue to own their domain content, but classifications are off-limits to them. The two stewardships meet at the asset, but neither steps on the other. 

The result is a model that mirrors how regulated organizations actually operate. Privacy decisions stay with privacy experts. Domain decisions stay with domain experts. Audit gets a clean record of who decided what, and why. 

Classify Once, Cover Everything

Classifying every individual data object by hand does not scale. Inherited classification solves this in two ways, both available today. 

Hierarchical inheritance propagates classifications down through the object hierarchy: 

• Data catalog: classify a data structure, and its data fields inherit the classification. 

• Business glossary: classify a term group, and its terms inherit the classification. 

• Business data model: classify a parent entity, and its attributes inherit the classification. 

Lineage-based inheritance propagates classifications downstream through Accurity’s lineage graph. Classify a source field as PII, and every derived dataset that depends on it inherits the same classification automatically. As data moves through pipelines, transformations, and reporting layers, sensitivity follows it. Privacy stewards classify at the source once, and coverage extends across every downstream asset that carries the same data, no matter how many systems it passes through. 

A privacy steward applying “PII” to a customer table classifies every column inside it through hierarchy, and every downstream report that uses that data through lineage. One decision, complete coverage. If a new column or downstream table appears later, it inherits the classification automatically. No manual catch-up, no coverage gaps, no last-minute audit panic. 

See It in Action

Three short examples of what becomes possible: 

• A privacy officer classifies the customers table as PII. All 47 columns inherit the classification instantly. The Finance and Marketing stewards who use this table see the PII flag, but cannot remove or change it. 

• A compliance lead reviews GDPR-relevant data across the organization. A single search returns every classified asset, regardless of which domain owns it, because classifications cut across domains by design. 

• A new column appears in a classified table. It inherits PII automatically. The HR domain steward who added it does not have to remember a privacy rule, and the privacy steward does not have to police every change. 

Key Benefits

• Match real organizational structure, with parallel stewardship for domain experts and classification experts 

• Scale coverage automatically through hierarchical inheritance, so classifications reach every relevant asset without manual work 

• Strengthen compliance posture for GDPR, BCBS 239, EHDS, DORA, AI Act, HIPAA, and internal regulatory requirements 

• Keep audits clean with a complete trail of who applied or changed each classification, and when 

• Reduce risk of human error, since the people who own data cannot accidentally misclassify it, and the people with classification authority do not have to chase every asset 

Why It Matters 

The wave of new regulation is not slowing down. GDPR set the baseline. BCBS 239, EHDS, DORA, the AI Act, and a growing list of national rules each ask the same fundamental question: do you know which of your data is sensitive, and can you prove it? 

Tagging data sensitive is easy. Doing it credibly, consistently, and across an organization that operates in domains is hard. Data Classifications is built for that hard problem. Privacy experts set the standard once, the platform enforces it, and inheritance ensures every asset that should carry a classification actually does. 

When the standard is owned by the right people and applied automatically where it belongs, compliance stops being a fire drill. 

What Comes Next

Today’s release covers governed taxonomy, governed assignment, and hierarchical inheritance. The roadmap continues with four directional capabilities, all designed to make classifications even more automatic and powerful: 

• Automatic discovery and scanning: detect sensitive data automatically through pattern matching and AI-driven recognition, surfacing PII, financial, or regulated data candidates for classification stewards to review. 

• Lineage-based propagation: classifications flow downstream through Accurity’s lineage graph, so a PII source automatically classifies the derived tables that depend on it. 

• Bottom-up aggregation: classify columns like email, IBAN, or gender as PII, and the parent table and dataset are automatically flagged as containing PII, with no manual rollup needed. 

• Classification-driven rules and enforcement: classifications trigger access controls, alerts, and policies, turning labels into action. 

👉 Learn how Accurity Data Classifications help your privacy and compliance teams govern with confidence, while your domain stewards stay focused on what they do best.